Virgin Media will trial deep packet inspection technology to measure the level of illegal filesharing on its network, but plans not to tell the customers whose traffic will be examined.
The system, CView, will be provided by Detica, a BAE subsidiary that specialises in large volume data collection and processing, and whose …

COMMENTS

Page:

DPI has no place on any internet connection

So glad I left VM. I've BEen with someone much better for quite a while now... No stupid crippling arbitrary and punitive capping, and certainly no DPI. Long may it continue. Although, I have a sad feeling it won't be very long.

Dear Detica,

Don't you realise that if you make crap like this to make a quick buck that you won't solve the "problem" of filesharing, you'll just speed up the development of tools that are totally encrypted? It's already pretty easy to use encryption but people aren't wholley aware of it yet, but if, after 3 months, a chunk of the country is attacked by law then people will simply look to learn the next step in secure filesharing? You won't stop illegal filesharing until a viable alternative is offered; a service with 100% coverage of music selling at a proper price will convert many more filesharers than putting them in jail.

Detica's wishes

Detica has no wish to stop _unwanted_ filesharing. That's not their business. They sell boxes to the black helecopter brigade. The boxes for monitoring everyones internet connection would come from people like Detica (I was head-hunted for them; didn't take the pill).

If people add mechanisms to make it harder, Detica el al will just work harder. The boxes will get bigger & cost more. Profit as a % of cost goes up :)

Re. Detica's wished

[pedantry] DPI can't determine legality

"Virgin Media will trial deep packet inspection technology to measure the level of _____ sharing of copyrighted material on its network, ..."

There, fixed it for you. Of course, a DPI filter cannot determine whether permission was obtained from the copyright holder, nor can it determine if the law was broken since it is not an officer or court of law.

@"Of course, a DPI filter cannot determine ...

... whether permission was obtained from the copyright holder etc.."

They don't care. If their automated spying system chooses to limit you or block you, then that leaves it up to you to prove that the data wasn't illegal (so you can phone up their expensive technical help line, to ask to be reconnected ;) ... Its a guilty until proven innocent approach to policing. Welcome to 21st century Totalitarian Police State policing in New Labour's new Britain. :(

DPI and encypted traffic

Genuine question - how well does DPI worth when the p2p traffic is encrypted? If it's on arbitrary ports, and encryption enabled, surely this is shutting the door after the horse has bolted - or are we going after teens/grannies again?

The PR reads like they just want better figures to prove how wonderful their new download service is going to be. "Ooh, look, 50% less piracy now!", whereas everyone will simply move on.

No matter how its anonymised

At some stage they will have collected the evidence for individual users apparently infringing the law. If the BPI serves them a subpoena, they surely might have to cough this up. If not, would they have destroyed potentially incriminating evidence?

RE: DPI has no place on any internet connection

Aren't BE now owned by Virgin or something?

Anyway, if you are looking for a place to go, Zen Internet are my ISP of choice. I've been an avid Zen user for years now and they are top notch (there is a reason they keep getting ISP of the year awards).And I know this is really sounding like an advert but I really think they deserve the publicity, they also announce that they don't do traffic shaping or DPI, and don't plan to.

Also they are not owned by some supercorp. They are one of the few remaining true ISPs.

Download limits

5GB download limit per month, thats 1DVD quality movie a month. According to my history, last January I downloaded 156GB from Usenet alone. Thats triple the download limit of even their largest package!

@The Comment Above me

With all the extra's a DVD would come to about 5Gb, Assuming it was a DVD .ifo file and hadn't been converted into avi, mpg or (god forbid) wmv

@Original Anonymous Coward

I'm also with Zen, and 5 gb is their basic package. They go up to 50gb. You can also buy additional Gb allowance if you use it up, so if you do go Usenet crazy they won't just cut you off for the rest of the month, they'll just ask you to pay for more allowance. Which seems pretty reasonable, bearing in mind that you're not paying for your DVD's

Not shocked.

I always wondered why VM backed away from Phorm. And at least we can clearly see why the Govt didn't go against Phorm, given BAE's love in.

So VM they cap you and now that capped allowance is inspected, which must slow it down further. I pity the fool that pays for their super fast package. All that wasted bandwidth.

Heres to mass use of encryption and two fingers to our Facist government.

Then again, it could just prove that people aren't actually downloading and sharing music, and then the message will clearly be that record sales have dropped because music on offer today is utter SHITE.

What's licensing got to do with it?

'it will then peer inside those packets and try to determine what is licensed and what is unlicensed, based on data provided by the record industry.'

Whether the thing being transfered is licensed or not is irrelevant. The question is whether the copyright owner gave permission. A trial version of software could well be identified as licensed, but sharing that is perfectly legal, infact helping the owning company!! So, my guess is the above statement should actually say

'it will then peer inside those packets and determine what is licensed, which will be all music, video etc.etc. (even though it may not be). It will then determine that as it's peer-to-peer, the copyright holder cannot possibly have given permission and therefore it must be illegal.'

Horse has bolted

The Pirate Bay has switched to Distributed Hash Tables for its trackers, BitTorrent clients are beginning to enable encrypted streams by default, and more people are learning about darknets / Tor.

You're squeezing a water balloon, Mandelson; The only thing keeping everyone in one place is convenience. Squeeze too hard and the balloon will burst. File sharers will obscure and secure, and you'll be left holding the flaccid remnants and a giant clean-up bill.

Give up. Tell the music industry to adapt its business model, or fail. They are relics of a time of scarcity and limited resources. Distribution is no longer in their control, and shouldn't be their business.

I don't download unlicensed music, as I already own all of the music I like. That is the worst place for you to be, in my opinion. Improve your products so I *want* to pirate your music, and make it easy for me to buy it so I'll do that instead. Or...

Simple - get a MAC - or perhaps not so simple

Large concerns like Virgin (who I personally wouldn't touch with a bargepole) are only ever as bad as their mass-market customers allow them to be. The trouble with this sort of caper is that Virgin assume they can get away with it, as the majority of their customer base (present company excepted of course) won't even understand the above article. They're probably right.

Get a MAC and move, people - though where to these days as we rapidly approach a monopoly situation in our media and internet, I'm not sure.

What seems to me to be desperately needed these days is for a similar system to that for switching power and phone accounts. If we could change isps with the speed and ease we can switch power suppliers, instead of the rigmarole we suffer at present, I suspect a lot of isps would soon be feeling the pinch.

speed and ease of switching power accounts?

The last time I moved my electricity supplier (within the last couple of years), it took around three months for the two of them to sort out the transfer. The last time I moved ADSL with a MAC, it took less than a fortnight, so I'd say that the rigmarole thing works both ways ;-)

Yes but...

The difference between utilities suppliers and ISPs is that with utilities you are not held to a contract, at the moment if you want to switch ISPs then you need to either wait till the end of your contract or pay the cost...

The other problem is any change of service reuires a new contract.. I upgraded from the crappy capped connection to unlimited... new 12 month contract.

Encryption?

Er, all you guys talking about encryption... who's got they keys?

If all you mean is encrypt your traffic as some P2P clients have been doing for a while, it's pointless. The Man just joins the P2P community like any other P2P user and gets to see what IPs are tracked as offering what torrents (or whatever). Where's your encryption there? All it might have done is bypass simple-minded throttling hardware.

Encrypted VPN to an overseas server and take it from there. I see a business opportunity here...

If the man joins the swarm on an unlicensed torrent

Encryption time

There we go. Just turned Vuze to use and allow only RC4-160 bit encrypted connections, and my speed is better to boot by about 25%. Welcome to the war Virgin, you are going to spend a lot of money to find out you can't read anything. Governments just hate it when they can't read your traffic. Soon enough all Internet apps will be using encryption and I think it is a good thing.

Am I missing something?

Every time I see comments like this I wonder if i'm missing something, probably because i'm operations not networks. I'm sure someone from networks can shed a little more light on this.

Your planning on encrypting all of the traffic from peer to peer, which prevents the ISP from seeing the contents of your traffic.

However, you then goto a random website and download what amounts to being a plain text file detailing the contents of that file, and the location of the peers to start your P2P download. Does this not defeat the object of encrypting it all? Even if you encrypt this file from the server to the desktop, if I have the URL then surely I can just download my own copy of the file?

Because, by my admittedly rudimentary understanding of P2P networks your torrent files contains the title of the download. Therefore, surely the ISP does not need to peek at what your uploading or downloading. They'd just have to look at the torrent to get the title of the file your downloading which completely bypasses your encryption.

Yes, You're missing the bleedin' obvious.

How does this work?

Deep Packet Inspection. It looks at the packets rather than just the headers. OK. But what I haven't been able to find is an explanation of how it actually determines what it finds in the packets is (supposedly) illegally shared copyright material.

If I share an mp3 as an mp3 then the packets are going to look like parts of an mp3. If I put the mp3 in a zip file and share it the packets are going to look like parts of a zip file. If I put the mp3 in a tar file and share it the packets are going to look like parts of a zip file. Even if I leave the file as an mp3, the packets will look different depending on how it was encoded.

Signatures

There are already huge databases online that have signatures of music which is an excellent way of tagging your music if you don't know the title, artist, etc, just by ripping a CD or analysing an existing MP3. e.g. MusicBrainz.

It's simple. Analyse the music, generate a signature. Compare against a database for a match or near match.

Similar also to how those services work where you can get your phone to listen to music and it tells you what the track is.

Zips. No problem. They can be treated like any other file system. Password protected zips are no defence unless they are encrypted (usually aren't).

The analysis doesn't have to be real time if they're just looking for evidence to supply to the industry, they just need to DPI to flag the traffic, gather and analyse on batch later (I suspect VM are doing this in preparation for the draconian Nu-Labour laws requiring ISPs to spy on their customers).

Some ISPs (e.g. PlusNet) already use DPI to categorise the traffic and throttle accordingly, though it doesn't consider where the content is legal or not (at least not yet).

That only works

Signatures, schmigatures.

"There are already huge databases online that have signatures of music which is an excellent way of tagging your music if you don't know the title, artist, etc, just by ripping a CD or analysing an existing MP3. e.g. MusicBrainz."

It's simple. Analyse the music, generate a signature. Compare against a database for a match or near match."

The services that tell iTunes and the like what CD you just inserted work based on the number of tracks on the CD and the duration of those tracks. (http://en.wikipedia.org/wiki/CDDB) None of this information is available when someone's sharing a single track.

"Similar also to how those services work where you can get your phone to listen to music and it tells you what the track is."

More plausible. They would to assemble enough of the file to get a suitably long segment to analysis. Which I suppose might be possible if the info isn't need in real time.

signatures

"The services that tell iTunes and the like what CD you just inserted work based on the number of tracks on the CD and the duration of those tracks. (http://en.wikipedia.org/wiki/CDDB) None of this information is available when someone's sharing a single track."

Services like MusicBrainz does indeed work just on individual tracks. That's why they're so good for tagging a mess of an MP3 collection. CDDB isn't so good as it just works on a CD signature based on headers of a CD rather than the content.

"How do they identify dvix rips of movies?"

Feasibly the same way. It's much the same as generating a signature for any kind of file. Like generating a hash signature. When it comes to content that may not be exact (i.e. depends on the ripping quality, algorithms, etc), then you just look for a confidence threshold.

They miss the point, don't they

I'd love to know if this DPI can "see" into encrypted P2P. Will they break the law to enforce a law?

The last time I bought a CD must have been 5 years ago. I. like others don't buy them now, because I'm not going to buy an album of filler tracks just to listen to two reasonable tracks. The music today is SHITE, mass produced industrialised SHITE. In fact we should coin a new use of the word SHITE to mean 21st century pop music. The reg needs another icon, as well as the thumbs up, the middle finger. Meanwhile i'll be trying to stay with virgin as I get a 10MB line and unlimited 24/7 UK phone calls for £25 a month. I used to be with Zen, but the copper lines in my area are shot. £25 might sound a lot, but the phone is used for a business, and gets a lot of use.

Questions

- How do you reliably determine whether copyright is being infringed ?

- Do you have the ability to determine the payload of encrypted traffic or, when for example looking at bittorrent , do you look at the swarm around a torrent, guess the copyright status by the file name(s) and then extrapolate from there?

I smell BS

Our uni has just got some peerscope hardware installed, so I looked into their product. I was flabbergasted! It's so much BS, but clueless bosses, the media, and the creative industry will gobble it up without looking deeper.

On one page, they say they have a database of copyrighted stuff, which the network traffic is compared to. How? Filenames? A certain 'release' hash (that can be encoded/packaged differently a thousand times etc)? ... and the onus is on the music/film/whatever industry to inform them!

However, on another page, they maintain they can spot illegal traffic without even checking packet contents. Amazing tech!

On a product page demonstrating how it works, 'Honeypots' was a major component, and then it all twigged.

Guys like this are the people that create fake torrents, they track those fake torrents, they report on how popular the fake torrents are, and boom, we have a filesharing epidemic (fake) and a company that can monitor it (themselves!). They have a top 100 shared files, and some are not even proper pirated releases... (DVD rip of Saw 6 tracked two weeks before cinema release?)

I think the filesharing 'problem' is actually overinflated, with gullible 'normal' people being duped into downloading stuff, and then massive figures being extrapolated from the entrapments. Companies like peerscore and in the article are not helping. However, the proliferation of the idea that piracy is massive and bad helps keep media profits up in a digital age, where distribution and talent are cheap.

To be fair, there's hardly any point being pirate anymore. Any song I want from Napster/Spotify for a tenner? Any DVD/Blu Rays I want from Lovefilm for £7? Bargains, and it's easy too! In our house we have Sky and Cineworld unlimited passes as well... we're consuming probably more content than pirates, at high quality, legally and fairly cheaply!

tl;dr: piracy is overinflated, there are now decent legal services for most stuff

@ John186... Simple - Get a Mac

Eh...? The operating system you use is irrelevant. Even Mac users have access to software that enables them to download from bit torrent sites (Transmission is an example, and even µTorrent has been ported to Mac now).

The packets whizzing across the network are still going to be intercepted, irrespective of whether they originated from or are destined for a Mac. This is all being done at the network level, it's not a client that Vermin Media are going to ask you to install on your Windows PC.

Personally, I think this approach is short-sighted. It will just speed up the adoption of encrypted file sharing, which no ISP will be able to examine - they may be able to see where your traffic is coming from & going to, and therefore assume that any encrypted traffic seen immediately after you've searched the Pirate Bay's website is going to be a DVD5 copy of the latest Hollywood blockbuster. But we all know what happens when you assume something ;o)